Quantcast
Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles
Browse latest View live

Connectivity between Azure Bastion and VM

November 19, 2019, 11:15 am
$
0
0

Hi
I receive error when logging on to Bastion.

It opens up fine, but is slow and theese errors.

error 1:
The network connection to the Bastion Host appears unstable.

error 2:
Connection Error
The connection has been closed because the target machine is taking too long to respond. This is usually caused by network problems, such as a spotty wireless signal, or slow network speeds. Please check your network connection and try again or contact your system administrator.

I'm not sure what could be the problem, I did try connect from other networks from my client but still same problem.

Any ideas to a fix?

Search

Price for "Standard" (Legacy) VPN Gateway used as VPN-type, per hour or monthly

November 14, 2019, 8:41 pm
$
0
0

Hello,

Looking at https://azure.microsoft.com/en-us/pricing/details/vpn-gateway/, for legacy SKUs it only mentions the "Basic" SKU, rated at $0.04/hour, based on a 730 hours usage/month at 100Mbps.

I would like to know the cost for a Standard SKU, provision and usage (inbound-outbound data transfer), used for a Route-based VPN (no ExpressRoute). 

The thing is that after adding one, since day one there has been an increase of the billing daily for that particular resource:

Day 1: $0.76. Day 2: $1.60. Day 3: $2.76


Regards


Simple URL redirection with Azure Application Gateway

November 13, 2019, 8:01 am
$
0
0

Hi, I would like to configure a simple redirection within my Application Gateway. In my case, I have several VMs running a Tomcat with several webapps. When I call the public IP of the gateway, I will get to the Tomcat landing page. I would like to redirect it to a webapp of my choice, so to a "<IP>/<weppapp>".

Issue with Site-to-Site Connectivity and VNet-VNet Connectivity

November 9, 2019, 10:34 am
$
0
0

Hi Everyone,

We have our Landscape over 2 Azure regions viz. Region-01 and Region-02. We have setup Site to Site VPN Connectivity between our On-premise Gateway and Azure Gateway of Region-01. Have also setup VNet-to-VNet connectivity between VNet (Region-01) and VNet (Region-02). Now, I'm able to ping VMs in Region-01 from On-premise Network and also VMs in Region are able to ping VMs in Region-02, but VMs in Region-02 are not pinging from On-premise Network.

My query is - What setting / change in configuration we need to do, so that I'm able to ping my Region-02 VMs from On-premise Network.

Thanks

Kumar

Azure Web Application Firewall causing website slowness

November 1, 2019, 4:56 am
$
0
0

Hi, 

We have configured WAF to run the websites hosted on the Azure VMs. The HTTP & HTTPS responses via WAF IP have high latencies compared to when browsing directly to the VM's public IP.

Do we need to tweak some parameter on Azure portal for WAF or increase the SKU of WAF. 

Regards,

Gaurav N.

Creating a non-routed subnet?

November 3, 2019, 10:44 pm
$
0
0

What is the recommended best practice for creating a subnet intended for cluster sync traffic. The subnet is layer 2 only in that only traffic between nodes using the subnet should be permitted. There is no traffic in or out of the subnet and no routing required. I can do this with route tables and NSGs. But I wondered if Azure already has a method.

Reduce Billing

November 4, 2019, 12:23 am
$
0
0
How can I prevent VPN Gateway from more billing?

Mudasir

Share a single public IP for outgoing traffic from various resources in a vnet?

November 6, 2019, 1:33 am
$
0
0

We have a bunch of services in a vnet (consisting of several subnets), including app services, stand alone virtual machines and scale sets. All of these needs outgoing internet access, but most of them accept no incoming traffic. Is it possible to configure this setup so that they all "share" a single public IP for this outgoing traffic? An IP that we can "control" ourselves (ie it is an ARM resource that we can see in the portal).

When I google on this problem, all I seem to find is solutions about machines behind a single load balancer (or application gateway), and the traffic being both incoming and outgoing. Instead we want something more like the network is built up in a normal office, having a bunch of various computers and servers, most of which are not reachable from the internet, but almost all of them having outgoing internet access, and when they reach they internet they all "go though" the same public IP.

Is there a way to achieve this in Azure? And can it be done by someone who has no real networking skills? Maybe there are some guides that describe how to do this? And a complete ARM template example would be great too.

Also, all our VMs are Linux servers.


Search

how to access restrict for private endpoint

November 7, 2019, 4:47 pm
$
0
0
A private endpoint of Azure SQLDB is created, and it can be accessed with Private IP via Express Route from on-premises.
Since the NSG of the subnet does not act on the endpoint, the private endopoint can be accessed from anywhere on-premises.
Is there any way to restrict the connection source IP address for Private endpoint on Azure side?

Looking for detailed steps on configuring a express route from on premise to the cloud?

November 7, 2019, 5:45 am
$
0
0

Looking for detailed steps on configuring an express route from on premise to the cloud as well as providing a way for vnets to communicate with other vnets/on premise?

Are there any prerequisite configurations that need to be done on premise?   Do we need any special gateways configured in the Vnets?   We will be using several vnets to include: 1) vnet 2- management apps- requires jump servers, 2) vnet 1 - path for traffic from on premise to other vnets, 3) vnet 3- production, 4) vnet 4 - development, 4) vnet 5 - test.   All traffic with the exception of management traffic will all pass through vnet 2.    Is there a type of virtual router (ie AWS has a virtual gateway which is a SaaS which acts like a router) so that traffic can communicate between vnets in the cloud while allowing for communication with on premise {vnet 1 (all cloud bound traffic except management traffic) and vnet 2 (management traffic like jump servers) would both need to communicate with on premise}?  

It seems like there is no such azure offering for a virtual network interface that allow communication between vnets?  I only noticed a hub vnet which communicates with the on premise via a express route gateway.   This hub and  spoke seems to only allow communication with the hub?  Wanting to reduce or simplify the cloud peering configurations. (see diagram in the link)  We were expecting to have vnet have peering connections to this virtual gateway (which would have to act like virtual router service) allowing for communication between the vnets in the cloud.   Vnet 1 ( all traffic expect management) and Vnet 2 ( management) would be the entry point for traffic in the cloud.

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke

XXXXXXXXXXXXXXXXXXXXXXXXXXX

https://github.com/microsoft/Common-Design-Principles-for-a-Hub-and-Spoke-VNET-Archiecture

noted under Hub and Spoke Architecturer in the above link (2nd bullet - Spoke Vnets) that they are not transitive.  Please confirm my understanding because we need the spoke vnet to communicate with each other.  Therefore would our requirement for transitive communication between  spoke vnets using peering? ( this requires a lot of peering ) or do we need a  virtual router allow communication between each spoke vnet?  Communication with this router would not require a peering?



Is there a version of AWS transit gateway in Azure?

November 6, 2019, 10:50 am
$
0
0

Is there a version of "AWS transit gateway" in Azure?

https://aws.amazon.com/transit-gateway/

AWS's version of virtual gatewas is like a virtual router in the cloud provided as a service for VPC to connect.

It is like a hub where spokes can connect to other VPCs in the cloud.

AWS transit gateway is a virtual gateway where multiple VPC can connect via a single virtual gateway so that traffic can be routed to other VPCs.

How would we do this in azure?,... what is the corresponding product?  

This allows a connecting of separate VPCs to a single interface like in a hub and spoke design.

In other words, if we need multiple VNETs to communicate is there a azure product that acts like a virtual gateway to allow this?   We do not want to directly configure a peering to each VPC but rather want a virtual gateway where the traffic can be routed to multiple VNETs.   There would be no need to have a separate peering between each Vnet.

The below link shows a transit gateway however is there an actual virtual gateway because logically it appears as a transit vnet which is a hub which connected the other vnets.   Will this allow all the vnets to communicate with each other from the single transit vnet?

https://azure.microsoft.com/en-us/blog/vnet-peering-and-vpn-gateways/


dsk







Joining computers to domain over Azure P2S vpn AND logging in users

November 12, 2019, 9:05 am
$
0
0

I have setup a couple clients now with new Windows AD domains on a vm in Azure. I then join all their computers to this domain. The office computers join fine over the S2S vpn. The issue I'm having is not necessarily joining computers to the domain over the Azure P2S vpn client, but logging in users after the machine is joined to the domain.

Continue to get the following message when attempting to connect to the Azure p2s vpn with the vpn icon on the login screen.

'We can't sign you in with this credential because your domain isn't available. Make sure your device is connected to your organization's network and try again. If you previously signed into this device with another credential, you can sign in with that credential.'

Right now, to get this to work, we are having to join the computer to the domain using a local admin account. Then switch users just after joining it to the domain. Log in with the domain user's credentials, and then reboot.

Thanks!!!

Dave

Azure DNS

November 12, 2019, 3:25 am
$
0
0

hELLO

I am in need to know how can i size azure DNS in pricing calculator?

Mudasir

Point to Site VPN in AZURE

November 12, 2019, 12:39 am
$
0
0

Hi,

I have deployed  Point to Site VPN in Azure with the help of Self-Signed Certificate. It is working.

Could you please tell me how I can do with the help of commercial certificate? like digicert, godaddy etc. Which Certificate I will buy? How to make certificate request etc. thanks

Regards

Azure Site2Site Policy Based VPN (IKev1)

November 7, 2019, 11:09 pm
$
0
0
Hello Team...I established a site to site VPN using Policy based option(Ikev1) and the tunnel was connected. The VM in azure needs to talk to 3servers on premise but it can only reach one at a time....I have rotated the IPs by removing them in turns and I was able to reach them one by one but could not reach more than one when the 3 are in ACl..The onprem router is cisco ISR and it is  supported...What am I missing pls.  I will appreciate suggestion and advice.

"The expert in anything was once a beginner"

Search

Unable to use "https://imms.XXXXX.ca/start" when including Fronto Door IPs in Network Restricted Access

November 6, 2019, 6:33 am
$
0
0

I have implemented Azure Front Door.

I've also included the Front Door IPs in the Network Restricted Access so that ISO 27001 rule (restrict access) is satisfied and my client is satisfied that the iso 27001 REGULATORY COMPLIANCE is being met.

https://imms.XXXXX.ca/start is a folder with an ASP.NET page (PPPPP.aspx) which is defined as a DEFAULT DOCUMENT.

When I try to access https://imms.XXXXX.ca/start , it sends me to the backend address https://XXXXX.azurewebsites.net/start/ with a 403 error.

When I try to access https://imms.XXXXX.ca/start/, it works.

I need it to work with just https://imms.XXXXX.ca/start

When I remove the Front Door IPs from the NETWORK RESTRICTED ACCESS, 

https://imms.XXXXX.ca/start works but I am no longer "in compliance" with ISO 270001.


Looking for C# code snippet for deleting and creating the loadbalancer rules for the given SLB

November 10, 2019, 12:27 am
$
0
0
Looking for C# code snippet for deleting and creating the loadbalancer rules for the given SLB

Anand

Unable to delete VNET or subnet

November 9, 2018, 8:33 pm
$
0
0

I have enabled the VNET integration (preview) feature in one of my App Services and deleted the App Service.

Now I'm not able to delete the subnet which it as the associated or the VNET which the subnet is part of.

It seems to be a bug where it doesn't delete the VNET Integration association to the subnet when you delete the App Service.

The error is as follows:

Failed to delete subnet 'Frontend'. Error: Subnet Frontend is in use by /subscriptions/fb99f5a1-54fe-4dcf-8510-13689cc0f9ef/resourceGroups/xxxxxxx/providers/Microsoft.Web/serverfarms/xxxxxAppPlan and cannot be deleted.

Anyone knows a workaround until the bug is corrected?

Thanks

Felipe


Disable IPV6 on Azure VM

June 19, 2018, 1:14 am
$
0
0

I've often read in Azure documentation that it is not recommended to make any changes to the VM network from within the guest OS NIC settings. Cool. But then I come across this doc  I see the note as "For best performance, when you are using Azure VMs as DNS servers, IPv6 should be disabled."


1. What is the technical justification for this statement?

2. How do I disable IPV6 on a VM without touching the guest OS NIC settings which you guys tell me not to touch. Am I missing something?

Cannot deploy Azure Bastion

October 8, 2019, 5:18 am
$
0
0

Hello

Not sure if this is the correct forum?

I have enabled Azure Bastion (Preview) in my tenant and subscription using the relvant Powershell commands.

Everytime I deploy a Bastion, it errors.  I have never successfully deployed a Bastion yet.  The error is:

The status for the deployment comes up a 'Conflict'.

The errore details are below.

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"Conflict","message":"{\r\n \"status\": \"Failed\",\r\n \"error\": {\r\n \"code\": \"ResourceDeploymentFailure\",\r\n \"message\": \"The resource operation completed with terminal provisioning state 'Failed'.\",\r\n \"details\": [\r\n {\r\n \"code\": \"VmssGatewayDeploymentFailed\",\r\n \"message\": \"The gateway deployment operation failed due to an intermittent error. Please try again.\",\r\n \"details\": []\r\n }\r\n ]\r\n }\r\n}"}]}

I have a few articles about it, but all they say it try again.  I have redpeloyed many mutiple times but always the same error.  i have tried from scratch multiple time but alwasy the same error.  I have tried different subscriptions, but always the same error.

Does anyone have any ideas?

Thanks

Richard

Viewing all 6513 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>